Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xargs is not required to do keyless signing with GH OIDC token #131

Closed
jbtrystram opened this issue Jun 5, 2023 · 0 comments · Fixed by #132
Closed

xargs is not required to do keyless signing with GH OIDC token #131

jbtrystram opened this issue Jun 5, 2023 · 0 comments · Fixed by #132
Labels
enhancement New feature or request

Comments

@jbtrystram
Copy link
Contributor

The documentation in the README suggests using xargs to sign containers/blobs without a key.
This is not needed and add complexity to the command.

I was able to sucessfully sign images from a GH action workflow with the following step:

- name: Sign the images with GitHub OIDC Token
      env:
        IMAGE: {{ env.IMAGE_REGISTRY}}/${{ env.REGISTRY_USER}}/${{ env.IMAGE_NAME }}
      run: | 
        cosign sign \
        -a "repo=${{ github.repository }}" \
        -a "workflow=${{ github.workflow }}" \
        -a "ref=${{ github.sha }}" \
        --yes ${IMAGE}@${DIGEST}

I drew inspiration from there : https://github.com/sigstore/cosign/blob/main/scripts/sign-images-ci.sh
@jbtrystram jbtrystram added the enhancement New feature or request label Jun 5, 2023
jbtrystram added a commit to jbtrystram/cosign-installer that referenced this issue Jun 5, 2023
@jbtrystram
Update action example for keyless signing as xarg is not required
a03609c 
Fixes sigstore#131

Signed-off-by: jbtrystram <[email protected]>
@cpanato cpanato mentioned this issue Jun 6, 2023
Merged
cpanato pushed a commit that referenced this issue Jun 6, 2023
@jbtrystram
Update action example for keyless signing as xarg is not required (#132)
60bbdf4 
Fixes #131

Signed-off-by: jbtrystram <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update action example for keyless signing as xarg is not required jbtrystram/cosign-installer
1 participant
@jbtrystram